From 2bdcd44066150f4b79fb1f9425efdc1d8e9ffb47 Mon Sep 17 00:00:00 2001 From: Aaron Gorka <22756133+aarongorka@users.noreply.github.com> Date: Wed, 6 Aug 2025 11:03:01 +1000 Subject: [PATCH 1/4] fix: ensure IAM Role name length does not exceed 64 characters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When using a long enough `prefix`, the IAM Roles can exceed the maximum length allowed by AWS. For example: ``` │ Error: expected length of name to be in the range (1 - 64), got github-runners-prod-xxxxxxxxxxxxxx-prod-action-scale-down-lambda-role │ │ with module.multi_runner.module.runners["xxxxxxxxxxxxxx-prod"].aws_iam_role.scale_down, │ on .terraform/modules/multi_runner/modules/runners/scale-down.tf line 88, in resource "aws_iam_role" "scale_down": │ 88: name = "${var.prefix}-action-scale-down-lambda-role" ``` There is nowhere to override this, so your only options are to change the prefix for the entire module. This commit resolves this by truncating the name to fit under the maximum length. This primarily happens on the scale-up and scale-down Lambdas, but I've added it everywhere for consistency. Fixes: https://github.com/github-aws-runners/terraform-aws-github-runner/issues/3973 --- modules/ami-housekeeper/main.tf | 2 +- modules/lambda/main.tf | 2 +- modules/runner-binaries-syncer/runner-binaries-syncer.tf | 2 +- modules/runners/policies-runner.tf | 2 +- modules/runners/pool/main.tf | 2 +- modules/runners/scale-down.tf | 2 +- modules/runners/scale-up.tf | 2 +- modules/runners/ssm-housekeeper.tf | 2 +- modules/setup-iam-permissions/main.tf | 2 +- modules/webhook/direct/webhook.tf | 2 +- modules/webhook/eventbridge/dispatcher.tf | 2 +- modules/webhook/eventbridge/webhook.tf | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/ami-housekeeper/main.tf b/modules/ami-housekeeper/main.tf index f462c240fc..0be45ab179 100644 --- a/modules/ami-housekeeper/main.tf +++ b/modules/ami-housekeeper/main.tf @@ -55,7 +55,7 @@ resource "aws_cloudwatch_log_group" "ami_housekeeper" { } resource "aws_iam_role" "ami_housekeeper" { - name = "${var.prefix}-ami-housekeeper-role" + name = substr("${var.prefix}-ami-housekeeper-role", 0, 63) assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/lambda/main.tf b/modules/lambda/main.tf index 137b727774..e234a682fd 100644 --- a/modules/lambda/main.tf +++ b/modules/lambda/main.tf @@ -60,7 +60,7 @@ resource "aws_cloudwatch_log_group" "main" { } resource "aws_iam_role" "main" { - name = "${var.lambda.prefix}-${var.lambda.name}" + name = substr("${var.lambda.prefix}-${var.lambda.name}", 0, 63) assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.lambda.role_permissions_boundary diff --git a/modules/runner-binaries-syncer/runner-binaries-syncer.tf b/modules/runner-binaries-syncer/runner-binaries-syncer.tf index d3f5f08efa..f0bdaaf92b 100644 --- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf +++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf @@ -58,7 +58,7 @@ resource "aws_lambda_function" "syncer" { resource "aws_iam_role_policy" "lambda_kms" { count = try(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default.kms_master_key_id, null) != null ? 1 : 0 - name = "${var.prefix}-lambda-kms-policy-syncer" + name = substr("${var.prefix}-lambda-kms-policy-syncer", 0, 63) role = aws_iam_role.syncer_lambda.id policy = templatefile("${path.module}/policies/lambda-kms.json", { diff --git a/modules/runners/policies-runner.tf b/modules/runners/policies-runner.tf index d923c143cb..7c53b8b18c 100644 --- a/modules/runners/policies-runner.tf +++ b/modules/runners/policies-runner.tf @@ -1,7 +1,7 @@ data "aws_caller_identity" "current" {} resource "aws_iam_role" "runner" { - name = "${var.prefix}-runner-role" + name = substr("${var.prefix}-runner-role", 0, 63) assume_role_policy = templatefile("${path.module}/policies/instance-role-trust-policy.json", {}) path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/pool/main.tf b/modules/runners/pool/main.tf index 49ab15b2c1..b52ce1c60a 100644 --- a/modules/runners/pool/main.tf +++ b/modules/runners/pool/main.tf @@ -74,7 +74,7 @@ resource "aws_cloudwatch_log_group" "pool" { } resource "aws_iam_role" "pool" { - name = "${var.config.prefix}-action-pool-lambda-role" + name = substr("${var.config.prefix}-action-pool-lambda-role", 0, 63) assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/runners/scale-down.tf b/modules/runners/scale-down.tf index 786f584280..93eabd4413 100644 --- a/modules/runners/scale-down.tf +++ b/modules/runners/scale-down.tf @@ -85,7 +85,7 @@ resource "aws_lambda_permission" "scale_down" { } resource "aws_iam_role" "scale_down" { - name = "${var.prefix}-action-scale-down-lambda-role" + name = substr("${var.prefix}-action-scale-down-lambda-role", 0, 63) assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/scale-up.tf b/modules/runners/scale-up.tf index ad96c496a4..5e4ae75a9c 100644 --- a/modules/runners/scale-up.tf +++ b/modules/runners/scale-up.tf @@ -101,7 +101,7 @@ resource "aws_lambda_permission" "scale_runners_lambda" { } resource "aws_iam_role" "scale_up" { - name = "${var.prefix}-action-scale-up-lambda-role" + name = substr("${var.prefix}-action-scale-up-lambda-role", 0, 63) assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/ssm-housekeeper.tf b/modules/runners/ssm-housekeeper.tf index e9c2a175ba..b73514fed8 100644 --- a/modules/runners/ssm-housekeeper.tf +++ b/modules/runners/ssm-housekeeper.tf @@ -83,7 +83,7 @@ resource "aws_lambda_permission" "ssm_housekeeper" { } resource "aws_iam_role" "ssm_housekeeper" { - name = "${var.prefix}-ssm-hk-lambda" + name = substr("${var.prefix}-ssm-hk-lambda", 0, 63) description = "Lambda role for SSM Housekeeper (${var.prefix})" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path diff --git a/modules/setup-iam-permissions/main.tf b/modules/setup-iam-permissions/main.tf index ce39031058..0f6e4a70a6 100644 --- a/modules/setup-iam-permissions/main.tf +++ b/modules/setup-iam-permissions/main.tf @@ -1,7 +1,7 @@ data "aws_caller_identity" "current" {} resource "aws_iam_role" "deploy" { - name = "${var.prefix}-terraform" + name = substr("${var.prefix}-terraform", 0, 63) permissions_boundary = aws_iam_policy.deploy_boundary.arn assume_role_policy = templatefile("${path.module}/policies/assume-role-for-account.json", { diff --git a/modules/webhook/direct/webhook.tf b/modules/webhook/direct/webhook.tf index a8adc380a6..778ba5b077 100644 --- a/modules/webhook/direct/webhook.tf +++ b/modules/webhook/direct/webhook.tf @@ -90,7 +90,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role" "webhook_lambda" { - name = "${var.config.prefix}-direct-webhook-lambda-role" + name = substr("${var.config.prefix}-direct-webhook-lambda-role", 0, 63) assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/webhook/eventbridge/dispatcher.tf b/modules/webhook/eventbridge/dispatcher.tf index 85b109504e..23f2ce8327 100644 --- a/modules/webhook/eventbridge/dispatcher.tf +++ b/modules/webhook/eventbridge/dispatcher.tf @@ -85,7 +85,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_to_call_lambda" { } resource "aws_iam_role" "dispatcher_lambda" { - name = "${var.config.prefix}-dispatcher-lambda-role" + name = substr("${var.config.prefix}-dispatcher-lambda-role", 0, 63) assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/webhook/eventbridge/webhook.tf b/modules/webhook/eventbridge/webhook.tf index 84bbfba057..6557e7c617 100644 --- a/modules/webhook/eventbridge/webhook.tf +++ b/modules/webhook/eventbridge/webhook.tf @@ -89,7 +89,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role" "webhook_lambda" { - name = "${var.config.prefix}-eventbridge-webhook-lambda-role" + name = substr("${var.config.prefix}-eventbridge-webhook-lambda-role", 0, 63) assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary From 184c6c83d9e78f71bc40d9c3951586067cdcf696 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Wed, 3 Sep 2025 22:53:27 +0200 Subject: [PATCH 2/4] Update modules/runner-binaries-syncer/runner-binaries-syncer.tf Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- modules/runner-binaries-syncer/runner-binaries-syncer.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/runner-binaries-syncer/runner-binaries-syncer.tf b/modules/runner-binaries-syncer/runner-binaries-syncer.tf index f0bdaaf92b..d3f5f08efa 100644 --- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf +++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf @@ -58,7 +58,7 @@ resource "aws_lambda_function" "syncer" { resource "aws_iam_role_policy" "lambda_kms" { count = try(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default.kms_master_key_id, null) != null ? 1 : 0 - name = substr("${var.prefix}-lambda-kms-policy-syncer", 0, 63) + name = "${var.prefix}-lambda-kms-policy-syncer" role = aws_iam_role.syncer_lambda.id policy = templatefile("${path.module}/policies/lambda-kms.json", { From 33cc133619ae4c80cb2d5557e7cf874257bbe404 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Wed, 3 Sep 2025 23:19:39 +0200 Subject: [PATCH 3/4] ensure roles are unique --- modules/ami-housekeeper/main.tf | 2 +- modules/lambda/main.tf | 2 +- modules/runners/policies-runner.tf | 2 +- modules/runners/pool/main.tf | 2 +- modules/runners/scale-down.tf | 2 +- modules/runners/scale-up.tf | 2 +- modules/runners/ssm-housekeeper.tf | 2 +- modules/setup-iam-permissions/main.tf | 2 +- modules/webhook/direct/webhook.tf | 2 +- modules/webhook/eventbridge/dispatcher.tf | 2 +- modules/webhook/eventbridge/webhook.tf | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/ami-housekeeper/main.tf b/modules/ami-housekeeper/main.tf index 0be45ab179..4552493c81 100644 --- a/modules/ami-housekeeper/main.tf +++ b/modules/ami-housekeeper/main.tf @@ -55,7 +55,7 @@ resource "aws_cloudwatch_log_group" "ami_housekeeper" { } resource "aws_iam_role" "ami_housekeeper" { - name = substr("${var.prefix}-ami-housekeeper-role", 0, 63) + name = "${substr("${var.prefix}-ami-housekeeper-role", 0, 54)}-${substr(md5("${var.prefix}-ami-housekeeper-role"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/lambda/main.tf b/modules/lambda/main.tf index e234a682fd..25cbd3f9dd 100644 --- a/modules/lambda/main.tf +++ b/modules/lambda/main.tf @@ -60,7 +60,7 @@ resource "aws_cloudwatch_log_group" "main" { } resource "aws_iam_role" "main" { - name = substr("${var.lambda.prefix}-${var.lambda.name}", 0, 63) + name = "${substr("${var.lambda.prefix}-${var.lambda.name}", 0, 54)}-${substr(md5("${var.lambda.prefix}-${var.lambda.name}"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.lambda.role_permissions_boundary diff --git a/modules/runners/policies-runner.tf b/modules/runners/policies-runner.tf index 7c53b8b18c..b908c243d0 100644 --- a/modules/runners/policies-runner.tf +++ b/modules/runners/policies-runner.tf @@ -1,7 +1,7 @@ data "aws_caller_identity" "current" {} resource "aws_iam_role" "runner" { - name = substr("${var.prefix}-runner-role", 0, 63) + name = "${substr("${var.prefix}-runner-role", 0, 54)}-${substr(md5("${var.prefix}-runner-role"), 0, 8)}" assume_role_policy = templatefile("${path.module}/policies/instance-role-trust-policy.json", {}) path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/pool/main.tf b/modules/runners/pool/main.tf index b52ce1c60a..6e082346d0 100644 --- a/modules/runners/pool/main.tf +++ b/modules/runners/pool/main.tf @@ -74,7 +74,7 @@ resource "aws_cloudwatch_log_group" "pool" { } resource "aws_iam_role" "pool" { - name = substr("${var.config.prefix}-action-pool-lambda-role", 0, 63) + name = "${substr("${var.config.prefix}-action-pool-lambda-role", 0, 54)}-${substr(md5("${var.config.prefix}-action-pool-lambda-role"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/runners/scale-down.tf b/modules/runners/scale-down.tf index 93eabd4413..e7b7ec386e 100644 --- a/modules/runners/scale-down.tf +++ b/modules/runners/scale-down.tf @@ -85,7 +85,7 @@ resource "aws_lambda_permission" "scale_down" { } resource "aws_iam_role" "scale_down" { - name = substr("${var.prefix}-action-scale-down-lambda-role", 0, 63) + name = "${substr("${var.prefix}-action-scale-down-lambda-role", 0, 54)}-${substr(md5("${var.prefix}-action-scale-down-lambda-role"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/scale-up.tf b/modules/runners/scale-up.tf index 5e4ae75a9c..ad88c7ca95 100644 --- a/modules/runners/scale-up.tf +++ b/modules/runners/scale-up.tf @@ -101,7 +101,7 @@ resource "aws_lambda_permission" "scale_runners_lambda" { } resource "aws_iam_role" "scale_up" { - name = substr("${var.prefix}-action-scale-up-lambda-role", 0, 63) + name = "${substr("${var.prefix}-action-scale-up-lambda-role", 0, 54)}-${substr(md5("${var.prefix}-action-scale-up-lambda-role"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/ssm-housekeeper.tf b/modules/runners/ssm-housekeeper.tf index b73514fed8..b535dfee3f 100644 --- a/modules/runners/ssm-housekeeper.tf +++ b/modules/runners/ssm-housekeeper.tf @@ -83,7 +83,7 @@ resource "aws_lambda_permission" "ssm_housekeeper" { } resource "aws_iam_role" "ssm_housekeeper" { - name = substr("${var.prefix}-ssm-hk-lambda", 0, 63) + name = "${substr("${var.prefix}-ssm-hk-lambda", 0, 54)}-${substr(md5("${var.prefix}-ssm-hk-lambda"), 0, 8)}" description = "Lambda role for SSM Housekeeper (${var.prefix})" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path diff --git a/modules/setup-iam-permissions/main.tf b/modules/setup-iam-permissions/main.tf index 0f6e4a70a6..48db4ffc9a 100644 --- a/modules/setup-iam-permissions/main.tf +++ b/modules/setup-iam-permissions/main.tf @@ -1,7 +1,7 @@ data "aws_caller_identity" "current" {} resource "aws_iam_role" "deploy" { - name = substr("${var.prefix}-terraform", 0, 63) + name = "${substr("${var.prefix}-terraform", 0, 54)}-${substr(md5("${var.prefix}-terraform"), 0, 8)}" permissions_boundary = aws_iam_policy.deploy_boundary.arn assume_role_policy = templatefile("${path.module}/policies/assume-role-for-account.json", { diff --git a/modules/webhook/direct/webhook.tf b/modules/webhook/direct/webhook.tf index 778ba5b077..4ee8f033b5 100644 --- a/modules/webhook/direct/webhook.tf +++ b/modules/webhook/direct/webhook.tf @@ -90,7 +90,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role" "webhook_lambda" { - name = substr("${var.config.prefix}-direct-webhook-lambda-role", 0, 63) + name = "${substr("${var.config.prefix}-direct-webhook-lambda-role", 0, 54)}-${substr(md5("${var.config.prefix}-direct-webhook-lambda-role"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/webhook/eventbridge/dispatcher.tf b/modules/webhook/eventbridge/dispatcher.tf index 23f2ce8327..1d64e4ded2 100644 --- a/modules/webhook/eventbridge/dispatcher.tf +++ b/modules/webhook/eventbridge/dispatcher.tf @@ -85,7 +85,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_to_call_lambda" { } resource "aws_iam_role" "dispatcher_lambda" { - name = substr("${var.config.prefix}-dispatcher-lambda-role", 0, 63) + name = "${substr("${var.config.prefix}-dispatcher-lambda-role", 0, 54)}-${substr(md5("${var.config.prefix}-dispatcher-lambda-role"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/webhook/eventbridge/webhook.tf b/modules/webhook/eventbridge/webhook.tf index 6557e7c617..9a1725cca5 100644 --- a/modules/webhook/eventbridge/webhook.tf +++ b/modules/webhook/eventbridge/webhook.tf @@ -89,7 +89,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role" "webhook_lambda" { - name = substr("${var.config.prefix}-eventbridge-webhook-lambda-role", 0, 63) + name = "${substr("${var.config.prefix}-eventbridge-webhook-lambda-role", 0, 54)}-${substr(md5("${var.config.prefix}-eventbridge-webhook-lambda-role"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary From 1471663542dd2435eb809f561edfab21f6f7086b Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Wed, 3 Sep 2025 23:35:12 +0200 Subject: [PATCH 4/4] rename and align lambda roles --- modules/ami-housekeeper/main.tf | 2 +- modules/runner-binaries-syncer/runner-binaries-syncer.tf | 2 +- modules/runners/policies-runner.tf | 2 +- modules/runners/pool/main.tf | 2 +- modules/runners/scale-down.tf | 2 +- modules/runners/scale-up.tf | 2 +- modules/webhook/direct/webhook.tf | 2 +- modules/webhook/eventbridge/dispatcher.tf | 2 +- modules/webhook/eventbridge/webhook.tf | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/ami-housekeeper/main.tf b/modules/ami-housekeeper/main.tf index 4552493c81..d8cec2f857 100644 --- a/modules/ami-housekeeper/main.tf +++ b/modules/ami-housekeeper/main.tf @@ -55,7 +55,7 @@ resource "aws_cloudwatch_log_group" "ami_housekeeper" { } resource "aws_iam_role" "ami_housekeeper" { - name = "${substr("${var.prefix}-ami-housekeeper-role", 0, 54)}-${substr(md5("${var.prefix}-ami-housekeeper-role"), 0, 8)}" + name = "${substr("${var.prefix}-ami-housekeeper", 0, 54)}-${substr(md5("${var.prefix}-ami-housekeeper"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runner-binaries-syncer/runner-binaries-syncer.tf b/modules/runner-binaries-syncer/runner-binaries-syncer.tf index d3f5f08efa..7565871531 100644 --- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf +++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf @@ -74,7 +74,7 @@ resource "aws_cloudwatch_log_group" "syncer" { } resource "aws_iam_role" "syncer_lambda" { - name = "${var.prefix}-action-syncer-lambda-role" + name = "${substr("${var.prefix}-syncer-lambda", 0, 54)}-${substr(md5("${var.prefix}-syncer-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/policies-runner.tf b/modules/runners/policies-runner.tf index b908c243d0..2b7d894619 100644 --- a/modules/runners/policies-runner.tf +++ b/modules/runners/policies-runner.tf @@ -1,7 +1,7 @@ data "aws_caller_identity" "current" {} resource "aws_iam_role" "runner" { - name = "${substr("${var.prefix}-runner-role", 0, 54)}-${substr(md5("${var.prefix}-runner-role"), 0, 8)}" + name = "${substr("${var.prefix}-runner", 0, 54)}-${substr(md5("${var.prefix}-runner"), 0, 8)}" assume_role_policy = templatefile("${path.module}/policies/instance-role-trust-policy.json", {}) path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/pool/main.tf b/modules/runners/pool/main.tf index 6e082346d0..e141b22d25 100644 --- a/modules/runners/pool/main.tf +++ b/modules/runners/pool/main.tf @@ -74,7 +74,7 @@ resource "aws_cloudwatch_log_group" "pool" { } resource "aws_iam_role" "pool" { - name = "${substr("${var.config.prefix}-action-pool-lambda-role", 0, 54)}-${substr(md5("${var.config.prefix}-action-pool-lambda-role"), 0, 8)}" + name = "${substr("${var.config.prefix}-pool-lambda", 0, 54)}-${substr(md5("${var.config.prefix}-pool-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/runners/scale-down.tf b/modules/runners/scale-down.tf index e7b7ec386e..d274e3d4f1 100644 --- a/modules/runners/scale-down.tf +++ b/modules/runners/scale-down.tf @@ -85,7 +85,7 @@ resource "aws_lambda_permission" "scale_down" { } resource "aws_iam_role" "scale_down" { - name = "${substr("${var.prefix}-action-scale-down-lambda-role", 0, 54)}-${substr(md5("${var.prefix}-action-scale-down-lambda-role"), 0, 8)}" + name = "${substr("${var.prefix}-scale-down-lambda", 0, 54)}-${substr(md5("${var.prefix}-scale-down-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/runners/scale-up.tf b/modules/runners/scale-up.tf index ad88c7ca95..9230267c07 100644 --- a/modules/runners/scale-up.tf +++ b/modules/runners/scale-up.tf @@ -101,7 +101,7 @@ resource "aws_lambda_permission" "scale_runners_lambda" { } resource "aws_iam_role" "scale_up" { - name = "${substr("${var.prefix}-action-scale-up-lambda-role", 0, 54)}-${substr(md5("${var.prefix}-action-scale-up-lambda-role"), 0, 8)}" + name = "${substr("${var.prefix}-scale-up-lambda", 0, 54)}-${substr(md5("${var.prefix}-scale-up-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary diff --git a/modules/webhook/direct/webhook.tf b/modules/webhook/direct/webhook.tf index 4ee8f033b5..362ed3e044 100644 --- a/modules/webhook/direct/webhook.tf +++ b/modules/webhook/direct/webhook.tf @@ -90,7 +90,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role" "webhook_lambda" { - name = "${substr("${var.config.prefix}-direct-webhook-lambda-role", 0, 54)}-${substr(md5("${var.config.prefix}-direct-webhook-lambda-role"), 0, 8)}" + name = "${substr("${var.config.prefix}-direct-webhook-lambda", 0, 54)}-${substr(md5("${var.config.prefix}-direct-webhook-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/webhook/eventbridge/dispatcher.tf b/modules/webhook/eventbridge/dispatcher.tf index 1d64e4ded2..2e311c533f 100644 --- a/modules/webhook/eventbridge/dispatcher.tf +++ b/modules/webhook/eventbridge/dispatcher.tf @@ -85,7 +85,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_to_call_lambda" { } resource "aws_iam_role" "dispatcher_lambda" { - name = "${substr("${var.config.prefix}-dispatcher-lambda-role", 0, 54)}-${substr(md5("${var.config.prefix}-dispatcher-lambda-role"), 0, 8)}" + name = "${substr("${var.config.prefix}-dispatcher-lambda", 0, 54)}-${substr(md5("${var.config.prefix}-dispatcher-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary diff --git a/modules/webhook/eventbridge/webhook.tf b/modules/webhook/eventbridge/webhook.tf index 9a1725cca5..c57b6da5e3 100644 --- a/modules/webhook/eventbridge/webhook.tf +++ b/modules/webhook/eventbridge/webhook.tf @@ -89,7 +89,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role" "webhook_lambda" { - name = "${substr("${var.config.prefix}-eventbridge-webhook-lambda-role", 0, 54)}-${substr(md5("${var.config.prefix}-eventbridge-webhook-lambda-role"), 0, 8)}" + name = "${substr("${var.config.prefix}-eventbridge-webhook-lambda", 0, 54)}-${substr(md5("${var.config.prefix}-eventbridge-webhook-lambda"), 0, 8)}" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary